Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Funny. Mine doesn't do packet inspection from the vendor. Claiming everyone walks around scanning and cataloging neighbors WiFi is disingenuous at best. Goggle went beyond that, storing more info than SSID.

Why for the love of God would you say that? WiFi geolocation is very useful, and extremely important these days, especially if you're having trouble getting a GPS fix.

Furthermore: An SSD is broadcasted - it's public. Why would you have any expectation of privacy?

If I hang a big sign that says "Bemymonkeyland" out in front of my house, do I have a right to stop people from using that as a location marker? Do I need to opt in to letting people say "Oh yeah, sure, the nearest McDonald's is three blocks down th

This is a pretty clunky, it's akin to adding _nomap to every url you don't want indexed. Google might want to come up with a more elegant solution.

At the same time, Google doesn't really need to offer any solution at all. "Is it just me, or should this 'service' be an explicit opt-in?" You are opting in when you decide to start broadcasting radio waves. Complaining about having your wifi recorded is like yelling in a public place and then complaining that people notice.

But really what expectation of privacy do you really have when you are broadcasting a radio signal? It's not as if Google is decrypting your data. In the US I believe that would be illegal, and generally not something they would be interested in doing anyway. But recording a signal you are broadcasting I believe is still a-ok.

As far as security goes, I ran an experiment last year and I was really surprised just how bad wireless

The last place where I used to work used lots (over 25 per location) of barcode scanners that work over WiFi, and runs 24/7 shifts for order picking, loading and unloading. Changing the SSID may not entail much if you have a centralized management system, but these scanners have to be configured by hand through a touchscreen.

So no, changing SSIDs is not "always trivial". I would have much preferred if they just used the broadcast flag for it (i.e. don't catalog hidden SSIDs)

And that the connections persist even in the yard or -gasp- out on the street as they drive away or up to their house. And it doesn't take much of a cognitive leap to realize that if they can see their network, that others quite possibly could too.

Actually, it takes a substantial cognitive leap for many people. Many people do not understand that a computer can record things, that these things can be automated, that cars passing by their house can detect wifi, etc.

Why do you think people name their networks funny and clever things? Would they take the time to think up names like "AMANDA_HAS_AIDS" or "get off my netz" if they didn't expect others to see them?

Not broadcasting your SSID causes *problems*. Parts of network detection and certain devices/software have problems with turning off your SSID. It also doesn't add anything as far as security, not even remotely.

So adding _nomap sounds pretty reasonable to me, aside from that SSID's are not the best of concepts as they are implemented anyway.

I'm not sure why you want to limit my rights to publish the location of something that you broadcast to the public. I'm not cracking it, and I'm not even trying to log into it. I just capture the beacons and note the likely location based on GPS triangulation. Why do you consider that so private that I cannot publish it even though you're making it possible for me to see and locate it, especially when you accept that it's not an issue that I can see it?

Exactly - this is basically the equivalent of collecting house door numbers. It's a piece of information that's being made freely available to the public, the user has complete control over whether that information is broadcast or not, and now Google are giving them another option. This is far less intrusive than satellite photography services and far easier to opt out of and yet they've been around for years with little complaint, even though it's far easier to see ways to exploit that information (escape

Everyone who doesn't want to get tracked by Facebook please change his name to Joe_NoFacebook Smith. Everyone who doesn't want to get tracked by Google +, add a "noPlus" instead. And everyone who doesn't want to get tagged by the Facebook picture recognition will please use a neon green colored "F" tattoo on their forehead.

How is recording your SSID and the location it was found at tracking you? If you set it to your name, or to some personal information then that's your fault for broadcasting your name or whatever personal information. Radio is a common resource. If you are broadcasting your info out into the public domain then it's nobody's fault but your own if someone records and shares it. Fortunately.. if you have encryption turned on that's pretty much all they get. Your SSID. If you don't have encryption turned o

WTF is this crap doing being modden up?! Is this slashdot? Or did I somehow get lost on the Internet?! There is nothing evil about receiving and decoding radio signals. Keep your radiowaves to yourself if you don't want to be noticed. Just don't broadcast. It's that simple.

It is utterly ridiculous it is somehow considered normal for just about anybody to transmit their filthy radio waves right through my body while listening to them is somehow considered evil. This is so incredibly wrong.

They aren't doing any snooping on your private data here, just noting where different SSIDs are broadcasting. Unless your SSID name consists of your name, DOB, mother's maiden name, etc. you have nothing to worry about.

It's not even about privacy. Most people don't know what a MAC address is, let alone care, and it's not like Google are plotting this on a map or giving any way whatsoever to trace it back to you or your location. This is far less nefarious than gathering people's phone numbers into a directory along with their name and address, yet for years that was considered perfectly acceptable on an opt-out basis. I'm all for privacy but let's fight the battles that actually matter - in the grand scheme this really do

It seems to me your issue should be with the hardware vendors if they're forcing you to publicly broadcast what you consider to be private information. If your phone only worked when you stood naked in a public place, would you accept that, too?

You couldn't have wifi without broadcasting some form of ID. When machines communicate they have to be able to identify what machine the message is intended for. I guess there could be a protocol that encrypts the ID. But then every device has to try to decrypt every message that goes past in order to check the ID to see if it's it's own. That would kill batter life and waste processor speed.

It is, you opt in when you broadcast. It's really no different than standing in your front yard and shouting. You don't have a right to be upset when somebody driving by records and shares what you say.

Then can I please opt out of my neighbours transmitting their radiowaves into my home?

You are turning things upside down, as is half the world. Just like it is not very common for people to be able to opt out of nearby people hearing them screaming, it is rather difficult for you to opt-out of my antenna receiving the radio signals your radio broadcasts. If you don't want to be heard, don't broadcast. It's that simple.

AC has a good point -- the vast majority of people are NOT organ donors in localities where it is opt-in, vs. the vast majority participating when it is opt-out. It is really hard to argue that this is not a good thing. You could, however, argue that it reflects VERY poorly on us that we need organ donation to be opt-out before we see a large number of organ donors...

There's an easy solution. Those who opt in automatically get put higher on the list in the case of needing an organ themselves. Not to be entirely callous, Opt-outers can have any leftovers. IF there even are any. It sounds pretty fair to me!

Opt-in? Just like my neighbours should explicitly get my permission to broadcast their fugly SSID into my home!

IMHO broadcasting voids any reasonable expectation of not being noticed. This should not be opt in or opt out or whatever. Anybody is and should always be allowed to receive any radio signals. If you don't want me to receive your radiosignals, keep them to yourself.

While it is nice of Google to offer this, I don't really understand why people care. The SID was always public information as are the location of the AP. So to then turn around and accuse Google of invade your privacy by recording what essentially you've told your AP to shout from the rooftops seems a little contradictory to me. It isn't like SIDs are personal or in any way linked to you as an individual or even your surfing activity.

So as I said, nice of Google to do this, but I'd question what anyone who opted out really hopes to accomplish by doing so...

While it is nice of Google to offer this, I don't really understand why people care. The SID was always public information as are the location of the AP. So to then turn around and accuse Google of invade your privacy by recording what essentially you've told your AP to shout from the rooftops seems a little contradictory to me. It isn't like SIDs are personal or in any way linked to you as an individual or even your surfing activity.
So as I said, nice of Google to do this, but I'd question what anyone who opted out really hopes to accomplish by doing so...

An SSID of "I hate Islam" might work well in the leafy suburbs of Surrey, but you might not want the location broadcast world wide

Sorry, where can I download the complete database of AP locations? Because as far as I know, the database "read access" works the other way around. Your phone submits a list of APs around you to Google's servers and in turn you get your approximate location.
I don't understand what the problem here is.

Actually, your phone submits a list of AP MAC addresses to Google, and Google records those along with your phone's GPS data (if available), or it sends you your approximate location (if GPS data isn't available). This new thing will tell your phone what SSIDs to ignore, but not only does Google not publish the SSID location database, they don't even have one. These people are in a massive panic over somebody learning their MAC address.

"Public information => no need for privacy" is a very typical logical fallacy. Privacy is not a black-or-white thing, categorizing things into private/public misses the point.

For example: when you move out of your home, your location is public information. Anyone who can see you knows that you're there. Similarly, your "image" is public information, anyone can take a picture of you. This does not violates your privacy, as long as it happens by random people in the street. If someone tracks your every mov

Nobody has access to the data. Your device sends Google a request saying devices A, B and C are nearby, Google then looks these up in their database, decides you are likely somewhere near location X and returns that location. If you have something you want to keep private being broadcast by your router, you should be more worried about the guy outside your house reading that information on his phone than Google keeping a private database of that same data.

I could see a case where someone's life may be in jeopardy if there was a searchable index of SSID names that automatically zooms into a location on a map. Someone being stalked by an aggressive ex, for instance, who doesn't realize their SSID is tied to a map location that is easily searchable. Let's say said aggro ex set up the WAP in first place and so knows the SSID but lost it in the divorce/breakup, or even willingly gave it up knowing they'd eventually be able to search for it via google maps.

You have the right answer. Nobody seems to think about the greater good any more. Large corporations and governments already have access to all of this data. Google is just making it available for regular people in an incredibly useful way. It's perfectly valid to have problems with this, but don't ignore the benefits as well.

There's no point saying "It should be opt-in", because it can't possibly work on an opt-in basis. There's no way to get a sufficient number of opted-in wireless access points. The available options are "Opt-out is OK" or "The service shouldn't exist".

It's not owed to Google, but that's not the point. The point is that Google is taking public information and turning it into a service that is useful to ordinary people. You may disagree, but personally I think that's socially useful and I for one will not be opting out.

Agreed. I have quite a different opinion from a number of people, evidently. This article on Slashdot is the first I'd heard of this (and I am sure I'll get some abuse for admitting that, but...). I work in the IT field, have done so for 25 years professionally (many more years as a hobby, like most people), and read tech sites like Slashdot on a daily basis.

So my reaction is that if someone in my position is only just becoming aware of this, how is Joe Public going to hear about this? Forget about "it's pu

The available options are "Opt-out is OK" or "The service shouldn't exist".

Then the service shouldn't exist. Simple enough.

But then again, there may be a third option you're not considering. What are these location services used for? Checking into restaurants, tagging pictures with locations, checking the weather, etc. Where do I do these things? Mostly when I'm out on the town, or at home. So, make deals with Starbucks, AT&T, Barnes and Noble, etc. to use their SSIDs in the database. These companies have vast networks of wifi hotspots so it should cover a good deal of high tr

What you're suggesting is not logistically feasible. Even if you ignore the difficulties of getting sufficient numbers of businesses on board with this to make it worthwhile (and the fact that you's still be missing out large swathes of any non-urban locations), what happens if your local restaurant goes out of business (happening quite a lot in this current climate) and you buy their router in an auction? Are Google then liable for the fact that you didn't realise someone else had opted you in? I'm sorry,

What happens if I want to hide my access point from Apple, Google and Skyhook at once? Should I name by AP as

LINKSYS_NOMAP_NOAPPLE_NOSKYHOOK

or will this be a global suffix?

From TFA:

Finally, because other location providers will also be able to observe these opt-outs, we hope that over time the “_nomap” string will be adopted universally. This would help benefit all users by providing everyone with a unified opt-out process regardless of location provider.

Google has every right to use your SSID for geolocation purposes. The privacy whiners all seem to conveniently forget that when you operate a wifi access point, you are BROADCASTING your SSID to anyone within range. It is the same as if you switched on an AM or FM radio transmitter in your home or business and continuously spoke into the microphone: "My network is named kitty-net... my network is named kitty-net... my network is named kitty-net..."

If you don't want something known to anyone within range, you might consider not BROADCASTING it. Every access point in the world has the ability to shut off its SSID announcements.

Every access point in the world has the ability to shut off its SSID announcements.

If you're not broadcasting your SSID, Google will still map it. If you don't want them to, you'll actually have to broadcast an SSID, and append _nomap to it, since anyone can find your router's MAC address even if you're not broadcasting your SSID.

Yes, I'm broadcasting my SSID - however, my reason for doing so is that I don't have to tell guests, patrons, etc. what the SSID is supposed to be and how they can enter that on their OS of choice. All OS's have at least a user-friendly method for connecting to an AP that does broadcast its SSID.I'm leaving aside that Google may still record APs that simply don't broadcast an SSID and thus requiring you to actually turn it on and fill in something along w

I value privacy as much as the next person but I don't see why this matters. Network names do not give away anything personal unless you *choose* to put something personal into the SSID. And if you do that you have "opted in" to broadcasting your personal information. Or am I missing something here?

Not broadcasting your SSID is not going to keep Google, Apple, Skyhook, etc... from learning your Wifi MAC address and mapping it.
The best answer to this is to manually define your Wifi MAC address. Many consumer based routers let you specify a specific mac. So does DD-WRT.
So everyone who doesn't like this idea shoud just change their MAC address to a random address from the DB from another country such as DE:AD:BE:EF:13:37. This MAC address geolocates to Latitude: 44.4899982 Longitude: 11.3569865 Pia

Just to clarify what seems to confuse some people here, the actual service doesn't use the SSID for location, it uses the MAC address. They're using the SSID to allow you to opt out, but when someone submits WIFI info for location, they're sending the mac address of the station, not the SSID. MAC addresses are unique (or at least they're supposed to be. I'm looking at you Shanzai.) SSIDs are not unique. If they used SSIDs, you'd never be able to figure out where "linksys" or "netgear" actually are.

When I set up an AP I'm broadcasting the SSID to everyone in range. I know this when I set it up. It's pretty much a physical requirement of wireless that you broadcast at least it's presence. Even secured point-to-point links broadcast a signal that any receiver in range can pick up. If I care that people know my AP exists in a particular spot, I shouldn't be using a broadcast technology!

NB: getting on my wireless won't help you much. Most of the computers in my home are on the wired LAN for security and t

The privacy raping is putrid. I simply don't trust them, but I still have to wait until either another contract change (how about Slashdot post the article in time next go around?) or until April to sever all ties. I went Android because it seemed to have more favorable developer sales contracts, but I'll deal with the Apple sandbox to not have my contact info monetized.

If you broadcast something over any radio service (part 15 wifi included) and you think it is or should be private...
YOU ARE A MORON
MORON MORON GO AWAY, RETURN TO THE NETS ANOTHER DAY (or don't).

I care so much because I don't want to see any new laws restricting the use of receivers. I don't want to see somebody's imagined (and in this case it really is imaginary) privacy rights to result in new restrictions on something that might actually have been useful

Why not allow users to enter their MAC address on something like donottrack.google.com - and remove AP from their database based on the entered information? That would be a proper method, that would work instantly, rather than relying on periodic rescan of your general vicinity. It would also avoid having to reconfigure every computer, wireless printer and other devices on the network, having a ridiculous looking SSID and general douchebaggery.

I'm assuming the service doesn't work based on a single access point. If you have ten access points that their database says are in location A and one access point that their database says should be 500 miles away, I'm sure they're smart enough to take a decent guess as to where you are.